In article <[EMAIL PROTECTED]> Kirill A. Shutemov wrote:
>On [Wed, 02.05.2007 18:21], malc wrote:
>> On Wed, 2 May 2007, Kirill A. Shutemov wrote:
>>=20
>> >http://secunia.com/advisories/25073/
>> >
>> >Any comments ?
>>=20
>> AAM - http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html
>> SB16/DMA - in attachment
>
>Thanks. Other Vulnerabilities?
Yesterday I added the debian security patch (90_security.patch from
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
) to the FreeBSD qemu ports (had to modify it slightly), cvsweb location
of the one for qemu 0.9.0 is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu/files/patch-90_security
and the one for the 20070405 cvs snapshot is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-90_security
(I haven't checked if it still applies to today's cvs, but it might :)
I also disabled the -vmwarevga acceleration code because of the missing
range checks, cvsweb of that patch is here,
http://www.freebsd.org/cgi/cvsweb.cgi/ports/emulators/qemu-devel/files/patch-hw-vmware_vga.c
HTH,
Juergen
